Q 2 2 0 1 5 [s t a t e o f the i nter n e t] / s ec ur it y
DDoS AND WEB
APPLICATIONS
ATTACKS
STATS & TRENDS
APRIL – JUNE 2015
DDoS ATTACKS
QUICK TAKEAWAYS
Record number of attacks
Generally less powerful
Longer lasting
Multi-vector DDoS
12 mega attacks > 100 Gbps
(versus 6 in Q2 2014)
SYN
(Often used in the
largest attacks)
OTHER
16.0
16.1
DNS
TOP DDoS
VECTORS
8.7
8.7
HTTP GET
(Often abuses
WordPress and
Joomla websites)
15.8
SSDP
(Abuses UPnP
devices in homes)
(BY PERCENTAGE)
13.6
9.4
NTP
UDP FRAGMENT
11.5
UDP
12 MEGA
ATTACKS
GREATER
100
THAN Gbps
HIGHEST
VOLUME
DDoS ATTACK
214 Mpps
AVERAGE
ATTACK
7 Mpps
LARGEST
BANDWIDTH
DDoS
ATTACK
249 Gbps
AVERAGE
ATTACK
7 Gbps
Mpps
50%
50%
1 VECTOR
2 OR MORE
VECTORS
MOST COMMON:
SYN & UDP WITH
EXTRA DATA
AND PADDING
SOURCES AND TARGETS
TARGETED INDUSTRIES
E DURA
AG
TI
R
E
X
GAMING
X
SOFTWARE
TECHNOLOGY
ON
AV
MOST TARGETED INDUSTRY
X
GAMING
X
MEDIA &
ENTERTAINMENT
20
.6 H R S
X
FINANCIAL
SERVICES
X
INTERNET
& TELECOM
OTHER
21.5
TOP 5
SOURCE
COUNTRIES
6.0
SPAIN
(BY PERCENTAGE)
7.4
INDIA
10.2
UK
CHINA
37.0
17.9
US
TRENDS
COMPARED TO Q2 2014
11%
77%
132%
Total
DDoS
attacks
122%
Average
peak
volume
134%
19%
100%
Average Application Infrastructure Average
peak
layer DDoS
layer
attack
bandwidth
attacks
attacks
duration
Total
attacks >
100 Gbps
17%
7%
15%
24%
18%
6%
50%
COMPARED TO Q1 2015
WEB APPLICATION ATTACKS
352.55
MILLI N
ATTACKS
OF THEM USED
49
SHELLSHOCK
TO TARGET ONE
FINANCIAL
SERVICES
PERCENT
FIRM (95%)
TOP
3
WEB
APPLICATION ATTACKS
OTHER – 7%
LOCAL FILE INCLUSION – 18%
SQL INJECTION – 26%
SHELLSHOCK – 49%
LESS POPULAR ATTACKS:
REMOTE FILE INCLUSION, PHP INJECTION, COMMAND INJECTION,
JAVA INJECTION, MALICIOUS FILE UPLOAD, CROSS-SITE SCRIPTING
56
PERCENT
More than half of all web application
attacks were sent over HTTPS.
Half of HTTPS attacks were Shellshock.
MOST TARGETED INDUSTRIES
X
RETAIL AND
FINANCIAL
SERVICES
OTHER
10.0
RUSSIA
6.0
GERMANY
7.0
11.0
BRAZIL
TOP 5
SOURCE
COUNTRIES*
51.0
CHINA
(BY PERCENTAGE)
15.0
*Based on last hop
US
80
% of web application
attacks targeted US sites
THREAT ADVISORY DOWNLOADS
OurMine Team
RIPv1 reflection
DDoS
Third-party WordPress
plugin vulnerabilities
Logjam
vulnerability
DD4BC
The Akamai platform consists of more than 200,000 servers in more than
100 countries around the globe and regularly transmits between 15 – 30% of all
Internet traffic. In February 2014, Akamai added the Prolexic network to its portfolio,
a resource specifically designed to fight DDoS attacks. This report draws its
data from the two platforms in order to provide information about
current attacks and traffic patterns around the globe.
Access the complete Q2 2015 state of the internet / security report at
www.stateoftheinternet.com/security-reports
Statistics based on attack campaigns mitigated by Akamai.